General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Multiple Logins for a single user at different stations filtering not functioning - security threat?

I am new to Palo jsut going Live with a unit. I am seeing when users move from desk to desk and do not log out but login again at the second station their filtering does not function. They are either filtered as per the last login previously at the station (though that might be a user again also logged in somewhere else) OR they get no filteri...

2 ISP, 1 production & 1 Guest

Question for the community.I have a site with 2 ISP, 1 circuit is a crappy 10mb circuit I want to use for just guest wireless. Is it possible to run 2 ISP on a PA220 and keep the NAT and security seperate?

dualisp.png

HA2 goes down when Enabling Session Synchronization

Hello Palo Alto Community,I'm deploying a HA Pair of Palo Alto VM Serie (hosted on my infrastructure) and I'm being blocked by a situation I don't understand.HA1 is UP and the two member can see each other. I'm using the management interface as HA1 interface for convenience purposes.HA2 is ethernet1/2 which is on a Port-Group dedicated for HA2.W...

Resolved! OSPF in a Active/Passive Firewall setup

Hi,I have a lab with a active/passive Palo Alto firewall setup. I have had a look at the Palo Guide for setting up OSPF at: https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000D8HwAAK&field=Attachment_1__Body__s From this, it looks like it is not possible to form an OSPF neighbour with a standby firewall. The sit...

vvadia by L1 Bithead
  • 8468 Views
  • 2 replies
  • 0 Likes

URL Identification

Hi i have a question about URL Identification. i use url object in security policy and no use ssl decryption if no SNI is present and there is no CN enrty, how can identify URL? thanks.

hbshin by L2 Linker
  • 6116 Views
  • 3 replies
  • 0 Likes

What is "cdt_token" process?

Hi there, Quick question. I'm currently troubleshooting a PA 3020 in version 8.0.12 for one of my customer. Its PA has huge DP CPU usage (arround 80%). I try to figure out the reason of this usage.I've isolated the "ctd_token" process which is a big CPU user. Can you give me a hint about its utility?cheers,Edouard

epavis by L1 Bithead
  • 7277 Views
  • 6 replies
  • 0 Likes

DNS license and PAN OS 9.0

During Ignite we were told that DNS is coming as license service in PAN OS9.0.Need to know is this service different from dns sinkhole? IF it is how it is ?

MP18 by Cyber Elite
  • 3609 Views
  • 3 replies
  • 0 Likes

Traffic dropped due to old discarded session

We have traffic rule to allow the traffic but seems traffic is dropped by the PA when i did pcap.then from cli i did show session all filter source there i see old session from april in discarded state.i ran the command few times and this session was always there we try many times the traffic never worked. after clearing the old session id tra...

MP18 by Cyber Elite
  • 3183 Views
  • 2 replies
  • 0 Likes

Panorama pulling in vmware objects

I'm just wondering if there is a way for panorama to talk to vmware to pull in the virtual systems and tags for quicker deployments much like it can do with AWS. I have been looking around but I haven't seen anything specific and help would be great.

murphyj by L2 Linker
  • 2712 Views
  • 1 replies
  • 0 Likes

deny telnet command but permit JDBC protocol

We have an internal discussion about whether it is possible to block the 3 way hanshake TCP but allow the JDBC application protocol.In other words we would like to block the test of the port with the command "telent address port" but we would like that the connections via JDBC continue to work.is it possible to do this theoretically? Is it possi...

cata86 by L0 Member
  • 5031 Views
  • 2 replies
  • 0 Likes

SSL Certificates from enterprise CA

I will admit, certificates are one of my bigest hates.. I just can't get on with them Firstly we have a microsoft EnterPrise CA. Which I am not overly familiar with anyway ( But I have managed to get the web interface workig on it...) Idealy what I would love is top be able to generate certificates on the firewall that are trusted by all clients...

RMA'd Panorama m-100, how to migrate?

We had to RMA our m-100 Panorama and now I want to replace the failing one with the new one but for the life of me can't seem to figure out the steps to do that. The link from this page: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNMCA0 is broken and support has been less than helpful. Has anyone done this before...

drewdown by L4 Transporter
  • 4372 Views
  • 2 replies
  • 0 Likes

Refresh EDL from webserver

Hello community, We are using EDL for manually blacklist and whitelist some domains. We configured all our firewalls to refresh the EDLs every 5 minutes, but EDLs don't refresh until a couple hours. The solution that we found is use the "import now" button, doing that the EDLs refreshes. Is there any log we can search to see why the EDLs doesn't...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels